rpms / ipa

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   0019-Add-more-indices.patch
Blob Blame History Raw 
From 68b3ed5adb1512f352d0e6dba0073352966fa2d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@redhat.com>
Date: Fri, 22 Jan 2021 14:35:59 +0200
Subject: [PATCH] Add more indices
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Manual backport of 9f0ec27e9f13ed40b8e58162d99bf9b0e8b4afd5.
Original commit message:
****************************************************
ipaCASubjectDN is used by lightweight sub CA feature.

ipaExternalMember is used by KRB driver to assemble MS-PAC records.

ipaNTSecurityIdentifier was only index for "pres" and was missing an
index on "eq". Samba and ipasam perform queries with SID string.

memberPrincipal is used by S4U2Proxy constrained delegation and by
ipa-custodia.

Also note that dnaHostname, ipServiceProtocol, ipaCertSubject, and
ipaKeyUsage are currently not index because an index would rarely used
or have a poor selectivity.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
****************************************************

The ipaNTSecurityIdentifier entry was missing in ipa-4-6 and is
added by this commit.

Fixes: https://pagure.io/freeipa/issue/8677
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
---
 install/updates/20-indices.update | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/install/updates/20-indices.update b/install/updates/20-indices.update
index 6798f50c80754c9f27f458d4a7d70a4cf7f26f74..0032387536196af5f3b72c15a4ce72a79fec9288 100644
--- a/install/updates/20-indices.update
+++ b/install/updates/20-indices.update
@@ -380,3 +380,32 @@ default: objectClass: top
 default: objectClass: nsIndex
 default: nsSystemIndex: false
 default: nsIndexType: eq
+
+dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+only:cn: ipaCASubjectDN
+default:objectClass: nsIndex
+default:objectClass: top
+default:nsSystemIndex: false
+add:nsIndexType: eq
+
+dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+only:cn: ipaExternalMember
+default:objectClass: nsIndex
+default:objectClass: top
+default:nsSystemIndex: false
+add:nsIndexType: eq
+
+dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+only:cn: memberPrincipal
+default:objectClass: nsIndex
+default:objectClass: top
+default:nsSystemIndex: false
+add:nsIndexType: eq
+
+dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+only: cn: ipaNTSecurityIdentifier
+default: objectClass: top
+default: objectClass: nsIndex
+default: nsSystemIndex: false
+add: nsIndexType: eq
+add: nsIndexType: pres
-- 
2.26.2

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation